CVE-2011-5141

Name of the Vulnerable Software and Affected Versions Open Business Management (OBM) versions 2.4.0-rc13 and earlier

Description The issue allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the module parameter in an "export page" action. This is a directory traversal vulnerability in the exportcsv/exportcsv index.php file.

Recommendations For Open Business Management (OBM) versions 2.4.0-rc13 and earlier, consider restricting access to the exportcsv/exportcsv index.php file until a patch is available. As a temporary workaround, avoid using the module parameter in the export page action to minimize the risk of exploitation.